Measuring the health of antivirus ecosystems

The number and variety of computer threats has fueled a digital arms race, resulting in a complex software ecosystem around malware and antivirus (anti-malware) products. While there has been significant past work in benchmarking antivirus (AV) products against each other, how healthy is the overall AV software ecosystem? Using data collected from Microsoft Windows Malicious Software Removal Tool (MSRT) running on more than one billion machines, we develop ecosystem health measures based upon infection rates, product diversity, market dominance, and activity status. Our study shows that while a diverse group of products is used and the vast majority of them are running properly, there is also significant churn in product usage which may indicate dissatisfaction with current products. While further work is needed to better understand these patterns, this study shows the potential power of an ecosystem health-based approach to studying AV performance in practice.